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IN THE CLAIMS 

Amended claims follow. Insertions are underlined, while deletions are 
struck out. The status of each claim is included prior to each heading. 

1 . (Currently Amended) A method of executing a risk-assessment scan with a 
variable timeout duration which is set based on network conditions, 
comprising: 

a) measuring network conditions in a network coupled between a source and a 

target; 

b) executing a risk-assessment scan on the target from the source; and 

e) performing a risk-assessment scan-related timennr prior to making a 

determination that the target is failing to respond to the risk-assessment scan; 

d) wherein the timeout includes a variable duration which is selas a function of 

the measured network conditions: 

wherein the r isk-assessment scan is abandoned if the target fails to respond 
to the risk-assessment scan within the variable duration . 

2. (Original) The method as recited in claim 1, wherein the network conditions 
include latency associated with communication between the source and the 
target. 

3. (Original) The method as recited in claim 1, wherein measuring the network 
conditions includes transmitting a probe signal from the source to the target 
utilizing the network. 

I. (Original) The method as recited in claim 3, wherein the probe signal 
prompts the target to send a response signal to the source utilizing the 
network. 

S. (Original) The method as recited in claim 4, wherein measuring the network 
conditions further includes receiving the response signal from the target 
utilizing the network. 
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6. (Original) The method as recited in claim 5, wherein measuring the network 
conditions further includes measuring a response duration between the 
transmission of the probe signal and the receipt of the response signal. 

7. (Original) The method as recited in claim 6, wherein the timeout is set as a 
function of the response duration. 

8. (Original) The method as recited in claim 1, wherein the timeout is set by 
adding a default value with a variable value which is set as a function of the 
measured network conditions. 

9. (Original) The method as recited in claim I , wherein the timeout is set by 
multiplying a default value with a variable factor which is set as a function of 
the measured network conditions. 

1 0. (Original) The method as recited in claim 1, wherein executing the risk- 
assessment scan includes executing a plurality of risk-assessment scan 
modules. 

1 1. (Original) The method as recited in claim 10, wherein the timeout is 
performed for each of (he risk-assessment scan modules. 

12. (Original) The method as recited in claim 1, and further comprising storing a 
result of the measurement of the network conditions. 

13. (Cancelled) 

14. (Currently Amended) A computer program product embodied on a computer 
readable mediurn_for executing a risk-assessment scan with a variable 
timeout duration which is set based on network conditions, comprising: 

a) computer code for measuring network conditions in a network coupled 
between a source and a target; 
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b) computer code for executing a risk-assessment scan on the target from the 
source; and 

c) computer code for performing a risk-assessment scan-related timeout prior to 
making a determination that the target is failing to respond to the risk- 
assessment scan; 

d) wherein the timeout includes a variable duration which is set as a function of 
the measured network conditions^ 

wherein th e risk-assessment scan is abandoned if the target fails to respond 

to the risk-assessment scan within the variable duration . 

15. (Original) The computer program product as recited in claim 14, wherein the 
network conditions include latency associated with communication between 
the source and the target. 

1 6. (Original) The computer program product as recited in claim 14, wherein 
measuring the network conditions includes transmitting a probe signal from 
the source to the target utilizing the network. 

1 7. (Original) The computer program product as recited in claim 1 6, wherein the 
probe signal prompts the target to send a response signal to the source 
utilizing the network. 

1 8. (Original) The computer program product as recited in claim 1 7, wherein 
measuring the network conditions further includes receiving the response 
signal from the target utilizing the network. 

1 9. (Original) The computer program product as recited in claim 18, wherein 
measuring the network conditions further includes measuring a response 
duration between the transmission of the probe signal and the receipt of the 
response signal. 

20. (Original) The computer program product as recited in claim 19, wherein the 
timeout is set as a function of the response duration. 
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2 1 . (Original) The computer program product as recited in claim 1 4, wherein the 
timeout is set by adding a default value with a variable value which is set as 
a function of the measured network conditions. 

22. (Original) The computer program product as recited in claim 14, wherein the 
timeout is set by multiplying a default value with a variable factor which is 
set as a function of the measured network conditions. 

23. (Original) The computer program product as recited in claim 14, wherein 
executing the risk-assessment scan includes executing a plurality of risk- 
assessment scan modules. 

24. (Original) The computer program product as recited in claim 23, wherein the 
timeout is performed for each of the risk-assessment scan modules. 

25. (Original) The computer program product as recited in claim 3 4, and further 
comprising computer code for storing a result of the measurement of the 
network conditions. 

26. (Cancelled) 

27. (Original) The computer program product as recited in claim 14, wherein the 
network conditions are measured for a network segment, and the measured 
network conditions are used to set the timeout for a plurality of targets 
located on the network segment. 

28. (Currently Amended) A system embodied on a computer readable medium 
for executing a risk-assessment scan with a variable timeout duration which 
is set based on network conditions, comprising: 

a) logic for measuring network conditions in a network coupled between a 
source and a target; 

b) logic for executing a risk-assessment scan on the target from the source; and 



PACE 8/17 * RCVD AT 12/1/2004 6:11:35 PM [Eastern Standard Time] * SVR:USPTO-EFXRF-1/0 * DNIS:8729306 * CSID:408 971 4660 * DURATION (mm-ss): 05-42 



Dec 01 04 03: 19p SVIPG 



408 971 4G60 



p. 9 



c) logic for performing a ris k-assessment scan-related tim P n.if prior to making a 
determination that the target is failing to respond to the risk-assessment scan; 

d) wherein the timeout includes a variable duration which is set as a function of 
the measured network conditions: 

& wherein the risk-asses sment scan is abandoned if the target fails to res pond 

to the risk-assessment scan within the variable duration . 

29. (Currently Amended) A method of executing a risk-assessment scan with a 
variable timeout duration which is set based on network conditions, 
comprising: 

a) transmitting a probe signal from a source to a target utilizing a network, the 
probe signal prompting the target to send a response signal to the source 
utilizing the network; 

b) receiving the response signal from the target utilizing the network; 

c) measuring a response duration between the transmission of the probe signal 
and the receipt of the response signal; 

d) executing a risk-assessment scan including a plurality of risk-assessment 
scan modules; 

e) performing a risk-assessment scan-related timeout prior to making a 
determination that the target is failing to respond to each of the risk- 
assessment scan modules, wherein the timeout includes a variable duration 
which is set as a function of the response duration; and 

f) abandoning the risk-assessment scan modules if the target fails to respond to 
the risk-assessment scan modules within the variable duration. 

30. (Currently Amended) A computer program product embodied on a computer 
readable medium for executing a risk-assessment scan with a variable 
timeout duration which is set based on network conditions, comprising: 

a) computer code for transmitting a probe signaf from a source to a target 
utilizing a network, the probe signal prompting the target to send a response 
signal to the source utilizing the network; 

b) computer code for receiving the response signal from the target utilizing the 
network; 
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c) computer code for measuring a response duration between the transmission 
of the probe signal and the receipt of the response signal; 

d) computer code for executing a risk-assessment scan including a plurality of 
risk-assessment scan modules; 

e) computer code for performing a risk-assessment scan-related timermt prior to 
making a determination that the target is failing to respond to each of the 
risk-assessment scan modules, wherein the timeout includes a variable 
duration which is set as a function of the response duration; and 

f) computer code for abandoning the risk-assessment scan modules if the target 
fails to respond to the risk-assessment scan modules within the variable 
duration. 

3 1 . (New) The method as recited in claim 1 . wherein the timeout is set by the 
following algorithm: 

if Raciuai is < or > R defimJ , by (R dc iauii * F), 
then T aciuaJ = Tdoruuh + R ac;ua | * N; 
else T actua | 5=5 Tdefauii; and 
where: 

Rjefouii^ default response duration, 
Racuta] = actual response duration, 
Tdefauii- default timeout value, 

actual timeout value, 
F = deviation factor, and 
N = normalizing factor. 

12, (New) The method as recited in claim I , wherein the timeout is set utilizing a 
plurality of network condition probes that gather multiple network condition 
measurements on a single target. 

13. (New) The method as recited in claim 1, wherein the measured network 
conditions are measured for an entire network segment on which a plurality 
of target components is located. 
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(New) The method as recited in claim 1, wherein the source is capable of 
reducing a latency of the risk-assessment scan by setting the variable 
duration to a minimal value, while avoiding the abandonment of vulnerable 
systems reachable over high latency networks by increasing the variable 
duration to accommodate such scenarios. 



PACE 11/17 * RCVD AT 12)1/2004 6:11:35 PM [Eastern Standard Time] * SVR:USPTO-EFXRF-1/0* DNIS: 8729306 * CSID:408 971 4660 * DURATION (mm-ss):05-42 



